need clue on a fogue
Quentin Chung@Programmer
quentin.chung at programmer.com.hk
Wed Jul 15 19:17:50 UTC 2009
Hi all,
I would like some help on a case.
In a normal DHCPDISCOVER through a DHCP relay:
SRC IP = {RELAY IP}
SRC MAC = {RELAY MAC ADDR}
DST IP = {DHCP server's IP}
DST MAC = {DHCP server's MAC ADDR}
BROADCAST = 1
CIADDR = 0.0.0.0
YIADDR = 0.0.0.0
SIADDR = 0.0.0.0
GIADDR = {RELAY IP}
and for the DHCPOFFER:
SRC IP = {DHCP server's IP}
SRC MAC = {DHCP server's MAC ADDR}
DST IP = {RELAY IP}
DST MAC = {RELAY MAC ADDR}
BROADCAST = 1
CIADDR = 0.0.0.0
YIADDR = {IP offered}
SIADDR = {DHCP server's IP}
GIADDR = {RELAY IP}
However, we find the following DHCPOFFER in our network:
SRC IP = {DHCP server's IP}
SRC MAC = {DHCP server's MAC ADDR}
DST IP = {RELAY IP}
DST MAC = {RELAY MAC ADDR}
BROADCAST = 0 (*)
CIADDR = 225.1.2.0 (* a multicast IP addr)
YIADDR = {IP offered}
SIADDR = {DHCP server's IP}
GIADDR = {RELAY IP}
See the BROADCAST & CIADDR.
What next? The DHCP relay will send the DHCPOFFER to the multicast IP address.
I would like to clarify: does this mean that in the DHCPDISCOVER, CIADDR was filled with 225.1.2.0 and produced this DHCPOFFER?
Can a valid DHCPDISCOVER generate this DHCPOFFER? If yes, what does the DHCPDISCOVER look like?
Is it a valid DHCPOFFER? If not, is it potentially a bug/vulnerability?
BR Quentin
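
An added example, not part of the original post: a check of a relayed DHCPOFFER against RFC 2131 Table 3, where the server sets ciaddr to 0 and copies flags from the client's DHCPDISCOVER. The function names are hypothetical, and the 192.0.2.x addresses and messages are constructed samples; only 225.1.2.0 comes from the post.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
DISCOVER, OFFER = 1, 2               # values of option 53 (DHCP message type)

def parse(payload: bytes) -> dict:
    """Return xid, broadcast flag, the four address fields and the message type."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    xid, _secs, flags = struct.unpack("!IHH", payload[4:12])
    msg = {"xid": xid, "broadcast": bool(flags & 0x8000), "type": None}
    for name, off in (("ciaddr", 12), ("yiaddr", 16), ("siaddr", 20), ("giaddr", 24)):
        msg[name] = ipaddress.IPv4Address(payload[off:off + 4])
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:   # walk options up to END
        if payload[i] == 0:                              # PAD has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            msg["type"] = payload[i + 2]
        i += 2 + length
    return msg

def check_offer(offer: bytes, discover: bytes = None) -> list:
    """List the ways an OFFER departs from RFC 2131 Table 3."""
    o, findings = parse(offer), []
    if o["type"] != OFFER:
        raise ValueError("not a DHCPOFFER")
    if int(o["ciaddr"]) != 0:                            # Table 3: ciaddr is 0 in an OFFER
        findings.append("ciaddr-nonzero")
    findings += [f"{n}-multicast" for n in ("ciaddr", "yiaddr", "giaddr")
                 if o[n].is_multicast]
    if discover is not None:                             # flags are copied from the DISCOVER
        d = parse(discover)
        if d["xid"] == o["xid"] and d["broadcast"] != o["broadcast"]:
            findings.append("flags-differ-from-discover")
    return findings

def build(msg_type, broadcast, ciaddr, yiaddr, siaddr, giaddr, xid=0x1234):
    """Constructed sample message (not a capture): header, cookie, option 53, END."""
    hdr = struct.pack("!BBBBIHH", 2 if msg_type == OFFER else 1, 1, 6, 1, xid, 0,
                      0x8000 if broadcast else 0)
    addrs = b"".join(ipaddress.IPv4Address(a).packed
                     for a in (ciaddr, yiaddr, siaddr, giaddr))
    return hdr + addrs + bytes(16 + 64 + 128) + MAGIC + bytes([53, 1, msg_type, 255])
```

Passing the matching DHCPDISCOVER as the second argument enables the flags comparison; without it only the address fields are checked.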